review.tizen.org Git - platform/upstream/gcc.git/commit

author	Joffrey Huguet <huguet@adacore.com>
	Tue, 3 May 2022 12:46:35 +0000 (14:46 +0200)
committer	Pierre-Marie de Rodat <derodat@adacore.com>
	Thu, 2 Jun 2022 09:06:36 +0000 (09:06 +0000)
commit	f0b7fddbefbe7af7c14ed5f2def49bbdb4a6c919
tree	e97796c37cad383a3a00e8cc54b29b209c1229a3	tree \| snapshot
parent	dcfdd2851b297e0005a8490b7f867ca45d1ad340	commit \| diff

[Ada] Add contracts to Interfaces.C.Strings

This patch adds Global contracts and preconditions to subprograms of
Interfaces.C.Strings. Effects on allocated memory are modelled
through an abstract state, C_Memory. The preconditions protect against
Dereference_Error, but not Storage_Error (which is not handled by
SPARK). This patch also disables the use of To_Chars_Ptr, which
creates an alias between an ownership pointer and the abstract state,
and the use of Free, in SPARK code. Thus, memory leaks will happen
if the user creates the Chars_Ptr using New_Char_Array and New_String.

gcc/ada/

* libgnat/i-cstrin.ads (To_Chars_Ptr): Add SPARK_Mode => Off.
(Free): Likewise.
(New_Char_Array): Add global contracts and Volatile attribute.
(New_String): Likewise.
(Value, Strlen, Update): Add global contracts and preconditions.
* libgnat/i-cstrin.adb: Add SPARK_Mode => Off to the package
body.

gcc/ada/libgnat/i-cstrin.adb		diff \| blob \| history
gcc/ada/libgnat/i-cstrin.ads		diff \| blob \| history